How to setup OpenVPN server for iPhone

Submitted by root on

root's picture

This is not a full tutorial but rather examples of working configuration files. Still, some commands will be mentioned but it is up to you to read properly OpenVPN documentation.
Server part was done on Debian. Probably the client configuration can be used for Android too. However, I have tested only iPhone here.

1. Install Openvpn. Details you can find here.

2. Create a directory in /etc/openvpn (in my example mobile-easy-rsa) and copy files as follows:

core:~# mkdir /etc/openvpn/mobile-easy-rsa/
core:~# cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0* /etc/openvpn/mobile-easy-rsa/
core:~# cd /etc/openvpn/mobile-easy-rsa/2.0/

3. Edit vars files according to your specifications. Pay special attention to the following:

export KEY_COUNTRY="US"
export KEY_PROVINCE="California"
export KEY_CITY="San Fransisco"
export KEY_ORG="My Company"
export KEY_EMAIL="my@mail.com"
export KEY_CN=server
export KEY_NAME=server
export KEY_OU=home

4. Create the server and Diffie-Helman certificates:

core:2.0# source ./vars
core:2.0# ./clean-all
core:2.0# ./build-ca
core:2.0# ./build-dh
core:2.0# ./build-key-server server

5. Create the client certificate (one for each client - in our example it will be only one):
core:2.0# ./build-key iPhone

At this point, all your needed keys should be in /etc/openvpn/mobile-easy-rsa/2.0/keys/.

6. Server configuration working example. You will have to modify port, server and certificates path accordind to your needs:

core:openvpn# cat mobile.conf
dev tun2
tls-server
dh [color=red]mobile-easy-rsa/2.0/keys/[/color]dh1024.pem
ca [color=red]mobile-easy-rsa/2.0/keys/[/color]ca.crt
cert [color=red]mobile-easy-rsa/2.0/keys/[/color]server.crt
key [color=red]mobile-easy-rsa/2.0/keys/[/color]server.key
server [color=red]10.10.10.0 255.255.255.248[/color]
comp-lzo
script-security 2
route-up "/sbin/ifconfig tun2 up"
port [color=red]1196[/color]
proto tcp-server
keepalive 30 120
client-config-dir mobile-custom
client-to-client
[color=blue]push "redirect-gateway def1"
domain-name-servers 10.10.10.1[/color]

The parameters in blue are needed if you want to drive all traffic on your client via VPN.

7. Restart the openvn server:

core:~# /etc/init.d/openvpn restart
Stopping virtual private network daemon: mobile.
Starting virtual private network daemon: mobile.

8. iPhone client configuration working example. Again, you will have to modify some parameters based on your specifications:

flmbp:~ $ cat config.ovpn
tls-client
remote [color=red]server_hostname_or_ip 1196[/color]
ca [color=red]ca.crt[/color]
cert [color=red]iPhone.crt[/color]
key [color=red]iPhone.key[/color]
comp-lzo
proto tcp

9. Install OpenVPN from App Store and copy the following configuration files via itunes (There are other ways to do this, iTunes is the easiest):
- configuration file from point 8: config.ovpn
- /etc/openvpn/mobile-easy-rsa/2.0/keys/iPhone.key
- /etc/openvpn/mobile-easy-rsa/2.0/keys/iPhone.crt
- /etc/openvpn/mobile-easy-rsa/2.0/keys/ca.crt

10. Start OpenVPN aplication and follow the instructions. It is quite easy.
END!

Thou shalt not steal!

If you want to use this information on your own website, please remember: by doing copy/paste entirely it is always stealing and you should be ashamed of yourself! Have at least the decency to create your own text and comments and run the commands on your own servers and provide your output, not what I did!

Or at least link back to this website.

Recent content

tmutil: command line interface into Time Machine
root
macOS: tmutil set quota
root
ESXi: how to change the MTU of vmkernek (vmk) interface (when UI fails)
root
ESXi: A bunch of useful commands and information
root
How to repair a sparsebundle image
root
macOS: How to Show and Hide Hidden Files in macOS Finder
root
Samsung 870 QVO 2TB: Speed Tests and comparison with Adata SU650 and Kingston K600
root
Ubiquiti EdgeRouter X - thoughts and tips
root
Qnap TR-004 short review - why I cannot use it
root
Speed test of Icy Box IB-3805-C31, a 5 disks enclosure from Raidsonic
root
Asus ROG Sheath in 2024: a HUGE Mousepad, Bigger Than Logitech G840 XL
root
Debian DRBD: How to resize drbd and OCFS2 online
root
Ubuntu: Fast Install With VMware Fusion
root
The one with APC Back-UPS BE850G2-GR: Charge Whatever With It, From Phone to Computer And BEYOND :D
root
File Sharing Problems? Downgrade from macOS Ventura to Monterey
root
VIOFO A139 Quad HD Dash Camera - 3 Channels Camera in a 2 Channels Package. Confused?
root
CarPlay not working with iPhone 15 Pro? Seven Type C cables tested with Mazda 3 BP with USB-A Port
root
Apple Watch Series 9? Not Yet! I Still Love My "Seven of Nine" 19 months later
root
The Wooden Playhouse Project
root
ESXi 7: Create VMFS Partition Via Command Line
root
5 Months with iPhone 15 Pro: Not PERFECT But... Must See. From Gaming to ProRes Requirements.
root
How to build a 25U 600x600 Server Rack
root
Thermaltake Pure 20 fan - HUGE and quiet!
root
Docker: how to increase php memory "the docker way"
root
Mousepad Logitech G840
root
Global Chip Shortage? Build this oddity: PC From 2009 With GeForce GTX 1050ti 4G
root
Brigadier: How to use it to Download Boot Camp Drivers
root
Bombardier: How to use it to Download Boot Camp Drivers
root
Logitech Pro X Wired Gaming Headset (2nd gen): review + mic test with G HUB on Windows 11 and macOS
root
macOS: extract user's image
root